Install EV Web Server Certificate onto Cisco CSS 11500

Problem

Solution

This document provides instructions for installing Thawte EV Web Server Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Cisco CSS 11500.

Step 1: Obtain the Thawte EV Web Server Intermediate CA certificate

a) Download the EV Web Server Intermediate CA from the following solution: AR1384

Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.

b) Copy and paste the EV Web Server Intermediate CA into a text file and save as intermediate.crt

Step 2: Obtain the EV Web Server Certificate

Download your certificate as per the instruction on the following solution: SO13187

Step 3: Creating the Concatenated text file with .pem format

Cisco CSS 11500 requires the certificate and the Signing Certificate (Intermediate Certificate) to be concatenated in a text file with a .pem extension. Download your Certificate and Intermediate Certificate and copy the Certificates to a Notepad file or other text editor. Copy and paste the Intermediate Certificate below your issued Certificate in the following order: yourCertificate > Followed by the Intermediate CA. Save the file with a .pem extension(i.e mycertfile.pem)

Open the SSL certificate file you obtained in Step 2

Copy the contents including the
-----BEGIN CERTIFICATE-----

and

----END CERTIFICATE-----

Open the Intermediate.crt file you created in Step 1

At the top of the file, paste the contents from Step 1

Save this file as .em (i.e. mycertfile.pem)

E.g of what it should look like:

-----BEGIN CERTIFICATE-----

Your SSL Certificate

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Thawte Intermediate CA

-----END CERTIFICATE-----

Step 4: Install the EV Web Server Certificate

Import the concatenated certificate file (.pem) into the CSS.

Associate the certificate to the ssl-server.

Apply the CA of the ssl-server within the ssl-proxy-list

To verify, the private key that needs to be used is the private key that generated the Certificate Signing Request (CSR) file to create the Certificate.

There is only one private key for a Certificate. Make sure to verify the Certificate and private key after they are imported. You can issue the command shown below.

Legal

DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions